Authen-U2F-0.003/000755 000765 000024 00000000000 13165014711 013434 5ustar00robnstaff000000 000000 Authen-U2F-0.003/README000644 000765 000024 00000000540 13165014711 014313 0ustar00robnstaff000000 000000 This archive contains the distribution Authen-U2F, version 0.003: FIDO U2F library This software is copyright (c) 2016 by Robert Norris. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. This README file was generated by Dist::Zilla::Plugin::Readme v6.010. Authen-U2F-0.003/Changes000644 000765 000024 00000000521 13165014711 014725 0ustar00robnstaff000000 000000 0.003 2017-10-04 10:14:15+11:00 Australia/Melbourne - Support for Perl 5.8 (thanks Michael McClimon) - Use namespace::autoclean instead of namespace::sweep 0.002 2016-06-27 22:42:56+10:00 Australia/Melbourne - Version dep on MIME::Base64 for url methods 0.001 2016-06-20 11:40:20-04:00 America/New_York - First release Authen-U2F-0.003/MANIFEST000644 000765 000024 00000000743 13165014711 014571 0ustar00robnstaff000000 000000 # This file was automatically generated by Dist::Zilla::Plugin::Manifest v6.010. Changes LICENSE MANIFEST META.json META.yml Makefile.PL README dist.ini examples/demoserver/demoserver.psgi examples/demoserver/index.html.tt2 examples/demoserver/login.html.tt2 examples/demoserver/login_u2f.html.tt2 examples/demoserver/register.html.tt2 examples/demoserver/signup.html.tt2 examples/demoserver/u2f-api.js examples/register.pl examples/sign.pl lib/Authen/U2F.pm t/00-load.t t/01-dumb.t Authen-U2F-0.003/LICENSE000644 000765 000024 00000043660 13165014711 014452 0ustar00robnstaff000000 000000 This software is copyright (c) 2016 by Robert Norris. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. Terms of the Perl programming language system itself a) the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version, or b) the "Artistic License" --- The GNU General Public License, Version 1, February 1989 --- This software is Copyright (c) 2016 by Robert Norris. This is free software, licensed under: The GNU General Public License, Version 1, February 1989 GNU GENERAL PUBLIC LICENSE Version 1, February 1989 Copyright (C) 1989 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The license agreements of most software companies try to keep users at the mercy of those companies. By contrast, our General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. The General Public License applies to the Free Software Foundation's software and to any other program whose authors commit to using it. You can use it for your programs, too. When we speak of free software, we are referring to freedom, not price. Specifically, the General Public License is designed to make sure that you have the freedom to give away or sell copies of free software, that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of a such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must tell them their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any work containing the Program or a portion of it, either verbatim or with modifications. Each licensee is addressed as "you". 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this General Public License and to the absence of any warranty; and give any other recipients of the Program a copy of this General Public License along with the Program. You may charge a fee for the physical act of transferring a copy. 2. You may modify your copy or copies of the Program or any portion of it, and copy and distribute such modifications under the terms of Paragraph 1 above, provided that you also do the following: a) cause the modified files to carry prominent notices stating that you changed the files and the date of any change; and b) cause the whole of any work that you distribute or publish, that in whole or in part contains the Program or any part thereof, either with or without modifications, to be licensed at no charge to all third parties under the terms of this General Public License (except that you may choose to grant warranty protection to some or all third parties, at your option). c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the simplest and most usual way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this General Public License. d) You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. Mere aggregation of another independent work with the Program (or its derivative) on a volume of a storage or distribution medium does not bring the other work under the scope of these terms. 3. You may copy and distribute the Program (or a portion or derivative of it, under Paragraph 2) in object code or executable form under the terms of Paragraphs 1 and 2 above provided that you also do one of the following: a) accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Paragraphs 1 and 2 above; or, b) accompany it with a written offer, valid for at least three years, to give any third party free (except for a nominal charge for the cost of distribution) a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Paragraphs 1 and 2 above; or, c) accompany it with the information you received as to where the corresponding source code may be obtained. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form alone.) Source code for a work means the preferred form of the work for making modifications to it. For an executable file, complete source code means all the source code for all modules it contains; but, as a special exception, it need not include source code for modules which are standard libraries that accompany the operating system on which the executable file runs, or for standard header files or definitions files that accompany that operating system. 4. You may not copy, modify, sublicense, distribute or transfer the Program except as expressly provided under this General Public License. Any attempt otherwise to copy, modify, sublicense, distribute or transfer the Program is void, and will automatically terminate your rights to use the Program under this License. However, parties who have received copies, or rights to use copies, from you under this General Public License will not have their licenses terminated so long as such parties remain in full compliance. 5. By copying, distributing or modifying the Program (or any work based on the Program) you indicate your acceptance of this license to do so, and all its terms and conditions. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. 7. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of the license which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the license, you may choose any version ever published by the Free Software Foundation. 8. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 9. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 10. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to humanity, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19xx name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (a program to direct compilers to make passes at assemblers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice That's all there is to it! --- The Artistic License 1.0 --- This software is Copyright (c) 2016 by Robert Norris. This is free software, licensed under: The Artistic License 1.0 The Artistic License Preamble The intent of this document is to state the conditions under which a Package may be copied, such that the Copyright Holder maintains some semblance of artistic control over the development of the package, while giving the users of the package the right to use and distribute the Package in a more-or-less customary fashion, plus the right to make reasonable modifications. Definitions: - "Package" refers to the collection of files distributed by the Copyright Holder, and derivatives of that collection of files created through textual modification. - "Standard Version" refers to such a Package if it has not been modified, or has been modified in accordance with the wishes of the Copyright Holder. - "Copyright Holder" is whoever is named in the copyright or copyrights for the package. - "You" is you, if you're thinking about copying or distributing this Package. - "Reasonable copying fee" is whatever you can justify on the basis of media cost, duplication charges, time of people involved, and so on. (You will not be required to justify it to the Copyright Holder, but only to the computing community at large as a market that must bear the fee.) - "Freely Available" means that no fee is charged for the item itself, though there may be fees involved in handling the item. It also means that recipients of the item may redistribute it under the same conditions they received it. 1. You may make and give away verbatim copies of the source form of the Standard Version of this Package without restriction, provided that you duplicate all of the original copyright notices and associated disclaimers. 2. You may apply bug fixes, portability fixes and other modifications derived from the Public Domain or from the Copyright Holder. A Package modified in such a way shall still be considered the Standard Version. 3. You may otherwise modify your copy of this Package in any way, provided that you insert a prominent notice in each changed file stating how and when you changed that file, and provided that you do at least ONE of the following: a) place your modifications in the Public Domain or otherwise make them Freely Available, such as by posting said modifications to Usenet or an equivalent medium, or placing the modifications on a major archive site such as ftp.uu.net, or by allowing the Copyright Holder to include your modifications in the Standard Version of the Package. b) use the modified Package only within your corporation or organization. c) rename any non-standard executables so the names do not conflict with standard executables, which must also be provided, and provide a separate manual page for each non-standard executable that clearly documents how it differs from the Standard Version. d) make other distribution arrangements with the Copyright Holder. 4. You may distribute the programs of this Package in object code or executable form, provided that you do at least ONE of the following: a) distribute a Standard Version of the executables and library files, together with instructions (in the manual page or equivalent) on where to get the Standard Version. b) accompany the distribution with the machine-readable source of the Package with your modifications. c) accompany any non-standard executables with their corresponding Standard Version executables, giving the non-standard executables non-standard names, and clearly documenting the differences in manual pages (or equivalent), together with instructions on where to get the Standard Version. d) make other distribution arrangements with the Copyright Holder. 5. You may charge a reasonable copying fee for any distribution of this Package. You may charge any fee you choose for support of this Package. You may not charge a fee for this Package itself. However, you may distribute this Package in aggregate with other (possibly commercial) programs as part of a larger (possibly commercial) software distribution provided that you do not advertise this Package as a product of your own. 6. The scripts and library files supplied as input to or produced as output from the programs of this Package do not automatically fall under the copyright of this Package, but belong to whomever generated them, and may be sold commercially, and may be aggregated with this Package. 7. C or perl subroutines supplied by you and linked into this Package shall not be considered part of this Package. 8. The name of the Copyright Holder may not be used to endorse or promote products derived from this software without specific prior written permission. 9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. The End Authen-U2F-0.003/t/000755 000765 000024 00000000000 13165014711 013677 5ustar00robnstaff000000 000000 Authen-U2F-0.003/META.yml000644 000765 000024 00000015014 13165014711 014706 0ustar00robnstaff000000 000000 --- abstract: 'FIDO U2F library' author: - 'Robert Norris ' build_requires: Test::More: '0' configure_requires: ExtUtils::MakeMaker: '0' dynamic_config: 0 generated_by: 'Dist::Zilla version 6.010, CPAN::Meta::Converter version 2.150010' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: '1.4' name: Authen-U2F requires: Carp: '0' Crypt::OpenSSL::X509: '1.806' Crypt::PK::ECC: '0' CryptX: '0.034' Digest::SHA: '0' Exporter::Tiny: '0' JSON: '0' MIME::Base64: '3.11' Math::Random::Secure: '0' Try::Tiny: '0' Type::Params: '0' Types::Standard: '0' namespace::autoclean: '0' parent: '0' strict: '0' warnings: '0' resources: bugtracker: https://github.com/robn/Authen-U2F/issues homepage: https://github.com/robn/Authen-U2F repository: https://github.com/robn/Authen-U2F.git version: '0.003' x_Dist_Zilla: perl: version: '5.026000' plugins: - class: Dist::Zilla::Plugin::PruneCruft name: '@Filter/PruneCruft' version: '6.010' - class: Dist::Zilla::Plugin::ManifestSkip name: '@Filter/ManifestSkip' version: '6.010' - class: Dist::Zilla::Plugin::MetaYAML name: '@Filter/MetaYAML' version: '6.010' - class: Dist::Zilla::Plugin::License name: '@Filter/License' version: '6.010' - class: Dist::Zilla::Plugin::Readme name: '@Filter/Readme' version: '6.010' - class: Dist::Zilla::Plugin::ExtraTests name: '@Filter/ExtraTests' version: '6.010' - class: Dist::Zilla::Plugin::ExecDir name: '@Filter/ExecDir' version: '6.010' - class: Dist::Zilla::Plugin::ShareDir name: '@Filter/ShareDir' version: '6.010' - class: Dist::Zilla::Plugin::MakeMaker config: Dist::Zilla::Role::TestRunner: default_jobs: 1 name: '@Filter/MakeMaker' version: '6.010' - class: Dist::Zilla::Plugin::Manifest name: '@Filter/Manifest' version: '6.010' - class: Dist::Zilla::Plugin::TestRelease name: '@Filter/TestRelease' version: '6.010' - class: Dist::Zilla::Plugin::ConfirmRelease name: '@Filter/ConfirmRelease' version: '6.010' - class: Dist::Zilla::Plugin::UploadToCPAN name: '@Filter/UploadToCPAN' version: '6.010' - class: Dist::Zilla::Plugin::GatherDir config: Dist::Zilla::Plugin::GatherDir: exclude_filename: - LICENSE - Makefile.PL exclude_match: [] follow_symlinks: 0 include_dotfiles: 0 prefix: '' prune_directory: [] root: . name: GatherDir version: '6.010' - class: Dist::Zilla::Plugin::AutoPrereqs name: AutoPrereqs version: '6.010' - class: Dist::Zilla::Plugin::PkgVersion name: PkgVersion version: '6.010' - class: Dist::Zilla::Plugin::MetaConfig name: MetaConfig version: '6.010' - class: Dist::Zilla::Plugin::MetaJSON name: MetaJSON version: '6.010' - class: Dist::Zilla::Plugin::NextRelease name: NextRelease version: '6.010' - class: Dist::Zilla::Plugin::GithubMeta name: GithubMeta version: '0.54' - class: Dist::Zilla::Plugin::Git::Check config: Dist::Zilla::Plugin::Git::Check: untracked_files: die Dist::Zilla::Role::Git::DirtyFiles: allow_dirty: - Changes - Makefile.PL - dist.ini allow_dirty_match: [] changelog: Changes Dist::Zilla::Role::Git::Repo: git_version: 2.14.2 repo_root: . name: '@Git/Check' version: '2.042' - class: Dist::Zilla::Plugin::Git::Commit config: Dist::Zilla::Plugin::Git::Commit: add_files_in: [] commit_msg: v%v%n%n%c Dist::Zilla::Role::Git::DirtyFiles: allow_dirty: - Changes - Makefile.PL - dist.ini allow_dirty_match: [] changelog: Changes Dist::Zilla::Role::Git::Repo: git_version: 2.14.2 repo_root: . Dist::Zilla::Role::Git::StringFormatter: time_zone: local name: '@Git/Commit' version: '2.042' - class: Dist::Zilla::Plugin::Git::Tag config: Dist::Zilla::Plugin::Git::Tag: branch: ~ changelog: Changes signed: 0 tag: '0.003' tag_format: '%v' tag_message: v%v Dist::Zilla::Role::Git::Repo: git_version: 2.14.2 repo_root: . Dist::Zilla::Role::Git::StringFormatter: time_zone: local name: '@Git/Tag' version: '2.042' - class: Dist::Zilla::Plugin::Git::Push config: Dist::Zilla::Plugin::Git::Push: push_to: - origin remotes_must_exist: 1 Dist::Zilla::Role::Git::Repo: git_version: 2.14.2 repo_root: . name: '@Git/Push' version: '2.042' - class: Dist::Zilla::Plugin::ReadmeAnyFromPod config: Dist::Zilla::Role::FileWatcher: version: '0.006' name: MarkdownInRoot version: '0.163250' - class: Dist::Zilla::Plugin::CopyFilesFromBuild name: CopyFilesFromBuild version: '0.170880' - class: Dist::Zilla::Plugin::FinderCode name: ':InstallModules' version: '6.010' - class: Dist::Zilla::Plugin::FinderCode name: ':IncModules' version: '6.010' - class: Dist::Zilla::Plugin::FinderCode name: ':TestFiles' version: '6.010' - class: Dist::Zilla::Plugin::FinderCode name: ':ExtraTestFiles' version: '6.010' - class: Dist::Zilla::Plugin::FinderCode name: ':ExecFiles' version: '6.010' - class: Dist::Zilla::Plugin::FinderCode name: ':PerlExecFiles' version: '6.010' - class: Dist::Zilla::Plugin::FinderCode name: ':ShareFiles' version: '6.010' - class: Dist::Zilla::Plugin::FinderCode name: ':MainModule' version: '6.010' - class: Dist::Zilla::Plugin::FinderCode name: ':AllFiles' version: '6.010' - class: Dist::Zilla::Plugin::FinderCode name: ':NoFiles' version: '6.010' zilla: class: Dist::Zilla::Dist::Builder config: is_trial: '0' version: '6.010' x_serialization_backend: 'YAML::Tiny version 1.70' Authen-U2F-0.003/META.json000644 000765 000024 00000024435 13165014711 015065 0ustar00robnstaff000000 000000 { "abstract" : "FIDO U2F library", "author" : [ "Robert Norris " ], "dynamic_config" : 0, "generated_by" : "Dist::Zilla version 6.010, CPAN::Meta::Converter version 2.150010", "license" : [ "perl_5" ], "meta-spec" : { "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", "version" : 2 }, "name" : "Authen-U2F", "prereqs" : { "configure" : { "requires" : { "ExtUtils::MakeMaker" : "0" } }, "runtime" : { "requires" : { "Carp" : "0", "Crypt::OpenSSL::X509" : "1.806", "Crypt::PK::ECC" : "0", "CryptX" : "0.034", "Digest::SHA" : "0", "Exporter::Tiny" : "0", "JSON" : "0", "MIME::Base64" : "3.11", "Math::Random::Secure" : "0", "Try::Tiny" : "0", "Type::Params" : "0", "Types::Standard" : "0", "namespace::autoclean" : "0", "parent" : "0", "strict" : "0", "warnings" : "0" } }, "test" : { "requires" : { "Test::More" : "0" } } }, "release_status" : "stable", "resources" : { "bugtracker" : { "web" : "https://github.com/robn/Authen-U2F/issues" }, "homepage" : "https://github.com/robn/Authen-U2F", "repository" : { "type" : "git", "url" : "https://github.com/robn/Authen-U2F.git", "web" : "https://github.com/robn/Authen-U2F" } }, "version" : "0.003", "x_Dist_Zilla" : { "perl" : { "version" : "5.026000" }, "plugins" : [ { "class" : "Dist::Zilla::Plugin::PruneCruft", "name" : "@Filter/PruneCruft", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::ManifestSkip", "name" : "@Filter/ManifestSkip", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::MetaYAML", "name" : "@Filter/MetaYAML", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::License", "name" : "@Filter/License", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::Readme", "name" : "@Filter/Readme", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::ExtraTests", "name" : "@Filter/ExtraTests", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::ExecDir", "name" : "@Filter/ExecDir", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::ShareDir", "name" : "@Filter/ShareDir", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::MakeMaker", "config" : { "Dist::Zilla::Role::TestRunner" : { "default_jobs" : 1 } }, "name" : "@Filter/MakeMaker", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::Manifest", "name" : "@Filter/Manifest", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::TestRelease", "name" : "@Filter/TestRelease", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::ConfirmRelease", "name" : "@Filter/ConfirmRelease", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::UploadToCPAN", "name" : "@Filter/UploadToCPAN", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::GatherDir", "config" : { "Dist::Zilla::Plugin::GatherDir" : { "exclude_filename" : [ "LICENSE", "Makefile.PL" ], "exclude_match" : [], "follow_symlinks" : 0, "include_dotfiles" : 0, "prefix" : "", "prune_directory" : [], "root" : "." } }, "name" : "GatherDir", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::AutoPrereqs", "name" : "AutoPrereqs", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::PkgVersion", "name" : "PkgVersion", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::MetaConfig", "name" : "MetaConfig", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::MetaJSON", "name" : "MetaJSON", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::NextRelease", "name" : "NextRelease", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::GithubMeta", "name" : "GithubMeta", "version" : "0.54" }, { "class" : "Dist::Zilla::Plugin::Git::Check", "config" : { "Dist::Zilla::Plugin::Git::Check" : { "untracked_files" : "die" }, "Dist::Zilla::Role::Git::DirtyFiles" : { "allow_dirty" : [ "Changes", "Makefile.PL", "dist.ini" ], "allow_dirty_match" : [], "changelog" : "Changes" }, "Dist::Zilla::Role::Git::Repo" : { "git_version" : "2.14.2", "repo_root" : "." } }, "name" : "@Git/Check", "version" : "2.042" }, { "class" : "Dist::Zilla::Plugin::Git::Commit", "config" : { "Dist::Zilla::Plugin::Git::Commit" : { "add_files_in" : [], "commit_msg" : "v%v%n%n%c" }, "Dist::Zilla::Role::Git::DirtyFiles" : { "allow_dirty" : [ "Changes", "Makefile.PL", "dist.ini" ], "allow_dirty_match" : [], "changelog" : "Changes" }, "Dist::Zilla::Role::Git::Repo" : { "git_version" : "2.14.2", "repo_root" : "." }, "Dist::Zilla::Role::Git::StringFormatter" : { "time_zone" : "local" } }, "name" : "@Git/Commit", "version" : "2.042" }, { "class" : "Dist::Zilla::Plugin::Git::Tag", "config" : { "Dist::Zilla::Plugin::Git::Tag" : { "branch" : null, "changelog" : "Changes", "signed" : 0, "tag" : "0.003", "tag_format" : "%v", "tag_message" : "v%v" }, "Dist::Zilla::Role::Git::Repo" : { "git_version" : "2.14.2", "repo_root" : "." }, "Dist::Zilla::Role::Git::StringFormatter" : { "time_zone" : "local" } }, "name" : "@Git/Tag", "version" : "2.042" }, { "class" : "Dist::Zilla::Plugin::Git::Push", "config" : { "Dist::Zilla::Plugin::Git::Push" : { "push_to" : [ "origin" ], "remotes_must_exist" : 1 }, "Dist::Zilla::Role::Git::Repo" : { "git_version" : "2.14.2", "repo_root" : "." } }, "name" : "@Git/Push", "version" : "2.042" }, { "class" : "Dist::Zilla::Plugin::ReadmeAnyFromPod", "config" : { "Dist::Zilla::Role::FileWatcher" : { "version" : "0.006" } }, "name" : "MarkdownInRoot", "version" : "0.163250" }, { "class" : "Dist::Zilla::Plugin::CopyFilesFromBuild", "name" : "CopyFilesFromBuild", "version" : "0.170880" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":InstallModules", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":IncModules", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":TestFiles", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":ExtraTestFiles", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":ExecFiles", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":PerlExecFiles", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":ShareFiles", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":MainModule", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":AllFiles", "version" : "6.010" }, { "class" : "Dist::Zilla::Plugin::FinderCode", "name" : ":NoFiles", "version" : "6.010" } ], "zilla" : { "class" : "Dist::Zilla::Dist::Builder", "config" : { "is_trial" : 0 }, "version" : "6.010" } }, "x_serialization_backend" : "Cpanel::JSON::XS version 3.0239" } Authen-U2F-0.003/examples/000755 000765 000024 00000000000 13165014711 015252 5ustar00robnstaff000000 000000 Authen-U2F-0.003/lib/000755 000765 000024 00000000000 13165014711 014202 5ustar00robnstaff000000 000000 Authen-U2F-0.003/Makefile.PL000644 000765 000024 00000003257 13165014711 015415 0ustar00robnstaff000000 000000 # This file was automatically generated by Dist::Zilla::Plugin::MakeMaker v6.010. use strict; use warnings; use ExtUtils::MakeMaker; my %WriteMakefileArgs = ( "ABSTRACT" => "FIDO U2F library", "AUTHOR" => "Robert Norris ", "CONFIGURE_REQUIRES" => { "ExtUtils::MakeMaker" => 0 }, "DISTNAME" => "Authen-U2F", "LICENSE" => "perl", "NAME" => "Authen::U2F", "PREREQ_PM" => { "Carp" => 0, "Crypt::OpenSSL::X509" => "1.806", "Crypt::PK::ECC" => 0, "CryptX" => "0.034", "Digest::SHA" => 0, "Exporter::Tiny" => 0, "JSON" => 0, "MIME::Base64" => "3.11", "Math::Random::Secure" => 0, "Try::Tiny" => 0, "Type::Params" => 0, "Types::Standard" => 0, "namespace::autoclean" => 0, "parent" => 0, "strict" => 0, "warnings" => 0 }, "TEST_REQUIRES" => { "Test::More" => 0 }, "VERSION" => "0.003", "test" => { "TESTS" => "t/*.t" } ); my %FallbackPrereqs = ( "Carp" => 0, "Crypt::OpenSSL::X509" => "1.806", "Crypt::PK::ECC" => 0, "CryptX" => "0.034", "Digest::SHA" => 0, "Exporter::Tiny" => 0, "JSON" => 0, "MIME::Base64" => "3.11", "Math::Random::Secure" => 0, "Test::More" => 0, "Try::Tiny" => 0, "Type::Params" => 0, "Types::Standard" => 0, "namespace::autoclean" => 0, "parent" => 0, "strict" => 0, "warnings" => 0 ); unless ( eval { ExtUtils::MakeMaker->VERSION(6.63_03) } ) { delete $WriteMakefileArgs{TEST_REQUIRES}; delete $WriteMakefileArgs{BUILD_REQUIRES}; $WriteMakefileArgs{PREREQ_PM} = \%FallbackPrereqs; } delete $WriteMakefileArgs{CONFIGURE_REQUIRES} unless eval { ExtUtils::MakeMaker->VERSION(6.52) }; WriteMakefile(%WriteMakefileArgs); Authen-U2F-0.003/dist.ini000644 000765 000024 00000001170 13165014711 015077 0ustar00robnstaff000000 000000 name = Authen-U2F author = Robert Norris license = Perl_5 copyright_holder = Robert Norris copyright_year = 2016 version = 0.003 [@Filter] -bundle = @Basic -remove = GatherDir [GatherDir] exclude_filename = Makefile.PL exclude_filename = LICENSE [AutoPrereqs] [PkgVersion] die_on_existing_version = 1 die_on_line_insertion = 1 [MetaConfig] [MetaJSON] [NextRelease] [GithubMeta] issues = 1 [@Git] tag_format = %v allow_dirty = Changes allow_dirty = dist.ini allow_dirty = Makefile.PL [ReadmeAnyFromPod / MarkdownInRoot] filename = README.md [CopyFilesFromBuild] copy = Makefile.PL copy = LICENSE Authen-U2F-0.003/lib/Authen/000755 000765 000024 00000000000 13165014711 015426 5ustar00robnstaff000000 000000 Authen-U2F-0.003/lib/Authen/U2F.pm000644 000765 000024 00000025477 13165014711 016377 0ustar00robnstaff000000 000000 package Authen::U2F; $Authen::U2F::VERSION = '0.003'; # ABSTRACT: FIDO U2F library use warnings; use strict; use namespace::autoclean; use Types::Standard -types, qw(slurpy); use Type::Params qw(compile); use Try::Tiny; use Carp qw(croak); use Math::Random::Secure qw(irand); use MIME::Base64 3.11 qw(encode_base64url decode_base64url); use Crypt::OpenSSL::X509 1.806; use CryptX 0.034; use Crypt::PK::ECC; use Digest::SHA qw(sha256); use JSON qw(decode_json); use parent 'Exporter::Tiny'; our @EXPORT_OK = qw(u2f_challenge u2f_registration_verify u2f_signature_verify); sub u2f_challenge { __PACKAGE__->challenge(@_) } sub u2f_registration_verify { __PACKAGE__->registration_verify(@_) } sub u2f_signature_verify { __PACKAGE__->signature_verify(@_) } # Param checks my $challenge_check; my $registration_check; my $signature_check; sub challenge { $challenge_check ||= compile( ClassName, ); my ($class) = $challenge_check->(@_); my $raw = pack "L*", map { irand } 1..8; my $challenge = encode_base64url($raw); return $challenge; } sub registration_verify { $registration_check ||= compile( ClassName, slurpy Dict[ challenge => Str, app_id => Str, origin => Str, registration_data => Str, client_data => Str, ], ); my ($class, $args) = $registration_check->(@_); my $client_data = decode_base64url($args->{client_data}); croak "couldn't decode client data; not valid Base64-URL?" unless $client_data; { my $data = decode_json($client_data); croak "invalid client data (challenge doesn't match)" unless $data->{challenge} eq $args->{challenge}; croak "invalid client data (origin doesn't match)" unless $data->{origin} eq $args->{origin}; } my $reg_data = decode_base64url($args->{registration_data}); croak "couldn't decode registration data; not valid Base64-URL?" unless $reg_data; # $reg_data is packed like so: # # 1-byte reserved (0x05) # 65-byte public key # 1-byte key handle length # key handle # attestation cert # 2-byte DER type # 2-byte DER length # DER payload # signature my ($reserved, $key, $handle, $certtype, $certlen, $certsig) = unpack 'a a65 C/a n n a*', $reg_data; croak "invalid registration data (reserved byte != 0x05)" unless $reserved eq chr(0x05); croak "invalid registration data (key length != 65)" unless length($key) == 65; # extract the cert payload from the trailing data and repack my $certraw = substr $certsig, 0, $certlen; croak "invalid registration data (incorrect cert length)" unless length($certraw) == $certlen; my $cert = pack "n n a*", $certtype, $certlen, $certraw; # signature at end of the trailing data my $sig = substr $certsig, $certlen; my $x509 = try { Crypt::OpenSSL::X509->new_from_string($cert, Crypt::OpenSSL::X509::FORMAT_ASN1); } catch { croak "invalid registration data (certificate parse failure: $_)"; }; my $pkec = try { Crypt::PK::ECC->new(\$x509->pubkey); } catch { croak "invalid registration data (certificate public key parse failure: $_)"; }; # signature data. sha256 of: # # 1-byte reserved (0x00) # 32-byte sha256(app ID) (application parameter) # 32-byte sha256(client data (JSON-encoded)) (challenge parameter) # key handle # 65-byte key my $app_id_sha = sha256($args->{app_id}); my $challenge_sha = sha256($client_data); my $sigdata = pack "x a32 a32 a* a65", $app_id_sha, $challenge_sha, $handle, $key; my $sigdata_sha = sha256($sigdata); $pkec->verify_hash($sig, $sigdata_sha) or croak "invalid registration data (signature verification failed)"; my $enc_key = encode_base64url($key); my $enc_handle = encode_base64url($handle); return ($enc_handle, $enc_key); } sub signature_verify { $signature_check ||= compile( ClassName, slurpy Dict[ challenge => Str, app_id => Str, origin => Str, key_handle => Str, key => Str, signature_data => Str, client_data => Str, ], ); my ($class, $args) = $signature_check->(@_); my $key = decode_base64url($args->{key}); croak "couldn't decode key; not valid Base64-URL?" unless $key; my $pkec = Crypt::PK::ECC->new; try { $pkec->import_key_raw($key, "nistp256"); } catch { croak "invalid key argument (parse failure: $_)"; }; my $client_data = decode_base64url($args->{client_data}); croak "couldn't decode client data; not valid Base64-URL?" unless $client_data; { my $data = decode_json($client_data); croak "invalid client data (challenge doesn't match)" unless $data->{challenge} eq $args->{challenge}; croak "invalid client data (origin doesn't match)" unless $data->{origin} eq $args->{origin}; } my $sign_data = decode_base64url($args->{signature_data}); croak "couldn't decode signature data; not valid Base64-URL?" unless $sign_data; # $sig_data is packed like so # # 1-byte user presence # 4-byte counter (big-endian) # signature my ($presence, $counter, $sig) = unpack 'a N a*', $sign_data; # XXX presence check # XXX counter check # signature data. sha256 of: # # 32-byte sha256(app ID) (application parameter) # 1-byte user presence # 4-byte counter (big endian) # 32-byte sha256(client data (JSON-encoded)) (challenge parameter) my $app_id_sha = sha256($args->{app_id}); my $challenge_sha = sha256($client_data); my $sigdata = pack "a32 a N a32", $app_id_sha, $presence, $counter, $challenge_sha; my $sigdata_sha = sha256($sigdata); $pkec->verify_hash($sig, $sigdata_sha) or croak "invalid signature data (signature verification failed)"; return; } 1; __END__ =pod =encoding UTF-8 =for markdown [![Build Status](https://secure.travis-ci.org/robn/Authen-U2F.png)](http://travis-ci.org/robn/Authen-U2F) =head1 NAME Authen-U2F - FIDO U2F library =head1 SYNOPSIS use Authen::U2F qw( u2f_challenge u2f_registration_verify u2f_signature_verify); # Create a challenge to send to the U2F host my $challenge = u2f_challenge; # Process a registration response from the U2F host my ($key_handle, $key) = u2f_registration_verify( challenge => $challenge, app_id => $app_id, origin => $origin, registration_data => $registration_data, client_data => $client_data, ); # Process a signing (authentication) response from the U2F host u2f_signature_verify( challenge => $challenge, app_id => $app_id, origin => $origin, key_handle => $key_handle, key => $key, signature_data => $signature_data, client_data => $client_data, ); # Or, if you don't like to clutter up your namespace my $challenge = Authen::U2F->challenge; my ($key_handle, $key) = Authen::U2F->registration_verify(...); Authen::U2F->signature_verify(...); =head1 DESCRIPTION This module provides the tools you need to add support for U2F in your application. It's expected that you know the basics of U2F. More information about this can be found at L and L. This module does not handle the wire encoding of U2F challenges and response, as these are different depending on the U2F host you're using and the style of your application. In the C dir there are scripts that implement the 1.0 wire format, used by L, and a Plack application that works with L. Sadly, the documentation around U2F is rather more confusing than it should be, and this short description is probably not making things better. Please improve this or write something about U2F so we can improve application security everywhere. =head1 FUNCTIONS There are three functions: One for generating challenges for the host to sign, and one for processing the responses from the two types of signing requests U2F supports. There's straight function interface and a class method interface. Both do exactly the same thing; which you use depends onhow much verbosity you like vs how much namespace clutter you like. Only the functional interface is mentioned in this section; see the L for the details. =head2 u2f_challenge my $challenge = u2f_challenge; Creates a challenge. A challenge is 256 cryptographically-secure random bits. =head2 u2f_registration_verify Verify a registration response from the host against the challenge. If the verification is successful, returns the key handle and public key of the device that signed the challenge. If it fails, this function croaks with an error. Takes the following options, all required: =over 4 =item challenge The challenge originally given to the host. =item app_id The application ID. =item origin The browser location origin. This is typically the same as the application ID. =item registration_data The registration data blob from the host. =item client_data The client data blob from the host. =back =head2 u2f_signature_verify Verify a signature (authentication) response from the host against the challenge. If the verification is successful, the user has presented a valid device and is now authenticated. If the verification fails, this function croaks with an error. Takes the following options, all required. =over 4 =item challenge The challenge originally given to the host. =item app_id The application ID. =item origin The browser location origin. This is typically the same as the application ID. =item key_handle The handle of the key that was used to sign the challenge. =item key The stored public key associated with the handle. =item signature_data The signature data blob from the host. =item client_data The client data blob from the host. =back =head1 SUPPORT =head2 Bugs / Feature Requests Please report any bugs or feature requests through the issue tracker at L. You will be notified automatically of any progress on your issue. =head2 Source Code This is open source software. The code repository is available for public review and contribution under the terms of the license. L git clone https://github.com/robn/Authen-U2F.git =head1 AUTHORS =over 4 =item * Robert Norris =back =head1 COPYRIGHT AND LICENSE This software is copyright (c) 2016 by Robert Norris. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =cut Authen-U2F-0.003/examples/register.pl000644 000765 000024 00000001371 13165014711 017435 0ustar00robnstaff000000 000000 #!/usr/bin/env perl use warnings; use strict; use Authen::U2F; use JSON; use constant APPID => 'https://example.com'; use constant VERSION => 'U2F_V2'; print "CHALLENGE:\n"; my $challenge = Authen::U2F->challenge; print encode_json({ challenge => $challenge, appId => APPID, version => VERSION, }) . "\n"; exit; print "\n"; print "ENTER RESPONSE:\n"; chomp (my $in = ); my $reg_response = decode_json($in); my ($handle, $key) = Authen::U2F->registration_verify( challenge => $challenge, app_id => APPID, origin => APPID, registration_data => $reg_response->{registrationData}, client_data => $reg_response->{clientData}, ); print "\n"; print "HANDLE: $handle\n"; print "KEY: $key\n"; Authen-U2F-0.003/examples/demoserver/000755 000765 000024 00000000000 13165014711 017425 5ustar00robnstaff000000 000000 Authen-U2F-0.003/examples/sign.pl000644 000765 000024 00000001557 13165014711 016557 0ustar00robnstaff000000 000000 #!/usr/bin/env perl use warnings; use strict; use Authen::U2F; use JSON; use constant APPID => 'https://example.com'; use constant VERSION => 'U2F_V2'; my ($handle, $key) = @ARGV; unless ($handle && $key) { die "usage: $0 \n"; } print "CHALLENGE:\n"; my $challenge = Authen::U2F->challenge; print encode_json({ challenge => $challenge, keyHandle => $handle, appId => APPID, version => VERSION, }) . "\n"; print "\n"; print "ENTER RESPONSE:\n"; chomp (my $in = ); my $sign_response = decode_json($in); Authen::U2F->signature_verify( challenge => $challenge, app_id => APPID, origin => APPID, key_handle => $sign_response->{keyHandle}, key => $key, signature_data => $sign_response->{signatureData}, client_data => $sign_response->{clientData}, ); print "\n"; print "SUCCESS\n"; Authen-U2F-0.003/examples/demoserver/login_u2f.html.tt2000644 000765 000024 00000001410 13165014711 022703 0ustar00robnstaff000000 000000 U2F Demo

waiting for device...

Authen-U2F-0.003/examples/demoserver/register.html.tt2000644 000765 000024 00000001265 13165014711 022653 0ustar00robnstaff000000 000000 U2F Demo

waiting for device...

Authen-U2F-0.003/examples/demoserver/demoserver.psgi000644 000765 000024 00000013335 13165014711 022471 0ustar00robnstaff000000 000000 #!/usr/bin/env plackup use warnings; use strict; use Plack::Request; use Plack::Builder; use Plack::App::File; use Authen::U2F qw(u2f_challenge u2f_registration_verify u2f_signature_verify); use Template; use JSON; my $t = Template->new; # base app. finds a template file, includes the session and any current u2f # vars in the stash and expands the template my $base_app = sub { my ($env) = @_; my $req = Plack::Request->new($env); my $session = $req->session; my $path = $req->request_uri; my ($file) = $path eq '/' ? ('index') : $path =~ m{^/(\w+)$}; return $req->new_response(404)->finalize unless $file && -r "$file.html.tt2"; my $template = do { local (@ARGV, $/) = ("$file.html.tt2"); <> }; my $u2f = defined $env->{u2f} ? $env->{u2f} : {}; $t->process(\$template, { %$session, u2f => $u2f, }, \my $output) || die $t->error; my $res = $req->new_response(200); $res->headers([ 'Content-type' => 'text/html' ]); $res->body($output); return $res->finalize; }; # signup. on GET, just goes through to the base app to display the signup page. # on POST, inserts the passed username into the session, which we use as our "I # am logged in indicator my $signup_app = sub { my ($env) = @_; my $req = Plack::Request->new($env); my $session = $req->session; return $base_app->($env) unless $req->method eq 'POST'; my $params = $req->parameters; $session->{$_} = $params->{$_} for keys %$params; my $res = $req->new_response; $res->redirect('/', 302); return $res->finalize; }; # logout handler. deletes the username in the session, and then returns to the # root my $logout_app = sub { my ($env) = @_; my $req = Plack::Request->new($env); my $session = $req->session; delete $session->{username}; my $res = $req->new_response; $res->redirect('/', 302); return $res->finalize; }; # register screen. prepares a registration challenge and then goes to the base # handler, which will build the page from the register template, which has some # javascript in it to interact with the U2F device my $register_app = sub { my ($env) = @_; my $req = Plack::Request->new($env); my $session = $req->session; my $app_id = 'https://'.$req->uri->host; $session->{challenge} = u2f_challenge; my $register_request = { appId => $app_id, registerRequest => { version => 'U2F_V2', challenge => $session->{challenge}, }, registeredKeys => [ map { +{ version => 'U2F_V2', keyHandle => $_ } } keys %{$session->{registered_keys}} ], }; $env->{u2f}{register_request} = encode_json($register_request); return $base_app->($env); }; # save registration. recieves the signed registration challenge and verifies # it. if it's all good, it gets saved in the session (in a real app, it would # get saved in the user's persistent data) my $save_registration_app = sub { my ($env) = @_; my $req = Plack::Request->new($env); my $session = $req->session; my $app_id = 'https://'.$req->uri->host; my ($handle, $key) = u2f_registration_verify( challenge => $session->{challenge}, app_id => $app_id, origin => $app_id, registration_data => $req->parameters->{registrationData}, client_data => $req->parameters->{clientData}, ); $session->{registered_keys}{$handle} = $key; my $res = $req->new_response; $res->redirect('/', 302); return $res->finalize; }; # login. like signup, stores the username in the session to indicate "I am # logged in". then redirects to a second handler to do the U2F setup my $login_app = sub { my ($env) = @_; my $req = Plack::Request->new($env); my $session = $req->session; return $base_app->($env) unless $req->method eq 'POST'; my $params = $req->parameters; $session->{$_} = $params->{$_} for keys %$params; my $res = $req->new_response; $res->redirect('/login_u2f', 302); return $res->finalize; }; # login stage 2, prepare a signing (auth) challenge and then go the the base # handler to create the page from login_u2f template, which has some javascript # in it to interacte with the U2F device my $login_u2f_app = sub { my ($env) = @_; my $req = Plack::Request->new($env); my $session = $req->session; my $app_id = 'https://'.$req->uri->host; $session->{challenge} = u2f_challenge; my $sign_request = { appId => $app_id, challenge => $session->{challenge}, registeredKeys => [ map { +{ version => 'U2F_V2', keyHandle => $_ } } keys %{$session->{registered_keys}} ], }; $env->{u2f}{sign_request} = encode_json($sign_request); return $base_app->($env); }; # finish u2f. recieves the signed auth challenge and verifies it. if it checks # out, the user is now logged in my $finish_u2f_app = sub { my ($env) = @_; my $req = Plack::Request->new($env); my $session = $req->session; my $app_id = 'https://'.$req->uri->host; my $key_handle = $req->parameters->{keyHandle}; u2f_signature_verify( challenge => $session->{challenge}, app_id => $app_id, origin => $app_id, key_handle => $key_handle, key => $session->{registered_keys}{$key_handle}, signature_data => $req->parameters->{signatureData}, client_data => $req->parameters->{clientData}, ); my $res = $req->new_response; $res->redirect('/', 302); return $res->finalize; }; builder { enable 'Session'; mount '/u2f-api.js' => Plack::App::File->new(file => 'u2f-api.js')->to_app; mount '/signup' => $signup_app; mount '/logout' => $logout_app; mount '/register' => $register_app; mount '/save_registration' => $save_registration_app; mount '/login' => $login_app; mount '/login_u2f' => $login_u2f_app; mount '/finish_u2f' => $finish_u2f_app; mount '/' => $base_app; } Authen-U2F-0.003/examples/demoserver/login.html.tt2000644 000765 000024 00000000553 13165014711 022136 0ustar00robnstaff000000 000000 U2F Demo


Authen-U2F-0.003/examples/demoserver/signup.html.tt2000644 000765 000024 00000000554 13165014711 022334 0ustar00robnstaff000000 000000 U2F Demo


Authen-U2F-0.003/examples/demoserver/u2f-api.js000644 000765 000024 00000050623 13165014711 021234 0ustar00robnstaff000000 000000 //Copyright 2014-2015 Google Inc. All rights reserved. //Use of this source code is governed by a BSD-style //license that can be found in the LICENSE file or at //https://developers.google.com/open-source/licenses/bsd /** * @fileoverview The U2F api. */ 'use strict'; /** * Namespace for the U2F api. * @type {Object} */ var u2f = u2f || {}; /** * FIDO U2F Javascript API Version * @number */ var js_api_version; /** * The U2F extension id * @const {string} */ // The Chrome packaged app extension ID. // Uncomment this if you want to deploy a server instance that uses // the package Chrome app and does not require installing the U2F Chrome extension. u2f.EXTENSION_ID = 'kmendfapggjehodndflmmgagdbamhnfd'; // The U2F Chrome extension ID. // Uncomment this if you want to deploy a server instance that uses // the U2F Chrome extension to authenticate. // u2f.EXTENSION_ID = 'pfboblefjcgdjicmnffhdgionmgcdmne'; /** * Message types for messsages to/from the extension * @const * @enum {string} */ u2f.MessageTypes = { 'U2F_REGISTER_REQUEST': 'u2f_register_request', 'U2F_REGISTER_RESPONSE': 'u2f_register_response', 'U2F_SIGN_REQUEST': 'u2f_sign_request', 'U2F_SIGN_RESPONSE': 'u2f_sign_response', 'U2F_GET_API_VERSION_REQUEST': 'u2f_get_api_version_request', 'U2F_GET_API_VERSION_RESPONSE': 'u2f_get_api_version_response' }; /** * Response status codes * @const * @enum {number} */ u2f.ErrorCodes = { 'OK': 0, 'OTHER_ERROR': 1, 'BAD_REQUEST': 2, 'CONFIGURATION_UNSUPPORTED': 3, 'DEVICE_INELIGIBLE': 4, 'TIMEOUT': 5 }; /** * A message for registration requests * @typedef {{ * type: u2f.MessageTypes, * appId: ?string, * timeoutSeconds: ?number, * requestId: ?number * }} */ u2f.U2fRequest; /** * A message for registration responses * @typedef {{ * type: u2f.MessageTypes, * responseData: (u2f.Error | u2f.RegisterResponse | u2f.SignResponse), * requestId: ?number * }} */ u2f.U2fResponse; /** * An error object for responses * @typedef {{ * errorCode: u2f.ErrorCodes, * errorMessage: ?string * }} */ u2f.Error; /** * Data object for a single sign request. * @typedef {enum {BLUETOOTH_RADIO, BLUETOOTH_LOW_ENERGY, USB, NFC}} */ u2f.Transport; /** * Data object for a single sign request. * @typedef {Array} */ u2f.Transports; /** * Data object for a single sign request. * @typedef {{ * version: string, * challenge: string, * keyHandle: string, * appId: string * }} */ u2f.SignRequest; /** * Data object for a sign response. * @typedef {{ * keyHandle: string, * signatureData: string, * clientData: string * }} */ u2f.SignResponse; /** * Data object for a registration request. * @typedef {{ * version: string, * challenge: string * }} */ u2f.RegisterRequest; /** * Data object for a registration response. * @typedef {{ * version: string, * keyHandle: string, * transports: Transports, * appId: string * }} */ u2f.RegisterResponse; /** * Data object for a registered key. * @typedef {{ * version: string, * keyHandle: string, * transports: ?Transports, * appId: ?string * }} */ u2f.RegisteredKey; /** * Data object for a get API register response. * @typedef {{ * js_api_version: number * }} */ u2f.GetJsApiVersionResponse; //Low level MessagePort API support /** * Sets up a MessagePort to the U2F extension using the * available mechanisms. * @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback */ u2f.getMessagePort = function(callback) { if (typeof chrome != 'undefined' && chrome.runtime) { // The actual message here does not matter, but we need to get a reply // for the callback to run. Thus, send an empty signature request // in order to get a failure response. var msg = { type: u2f.MessageTypes.U2F_SIGN_REQUEST, signRequests: [] }; chrome.runtime.sendMessage(u2f.EXTENSION_ID, msg, function() { if (!chrome.runtime.lastError) { // We are on a whitelisted origin and can talk directly // with the extension. u2f.getChromeRuntimePort_(callback); } else { // chrome.runtime was available, but we couldn't message // the extension directly, use iframe u2f.getIframePort_(callback); } }); } else if (u2f.isAndroidChrome_()) { u2f.getAuthenticatorPort_(callback); } else if (u2f.isIosChrome_()) { u2f.getIosPort_(callback); } else { // chrome.runtime was not available at all, which is normal // when this origin doesn't have access to any extensions. u2f.getIframePort_(callback); } }; /** * Detect chrome running on android based on the browser's useragent. * @private */ u2f.isAndroidChrome_ = function() { var userAgent = navigator.userAgent; return userAgent.indexOf('Chrome') != -1 && userAgent.indexOf('Android') != -1; }; /** * Detect chrome running on iOS based on the browser's platform. * @private */ u2f.isIosChrome_ = function() { return $.inArray(navigator.platform, ["iPhone", "iPad", "iPod"]) > -1; }; /** * Connects directly to the extension via chrome.runtime.connect. * @param {function(u2f.WrappedChromeRuntimePort_)} callback * @private */ u2f.getChromeRuntimePort_ = function(callback) { var port = chrome.runtime.connect(u2f.EXTENSION_ID, {'includeTlsChannelId': true}); setTimeout(function() { callback(new u2f.WrappedChromeRuntimePort_(port)); }, 0); }; /** * Return a 'port' abstraction to the Authenticator app. * @param {function(u2f.WrappedAuthenticatorPort_)} callback * @private */ u2f.getAuthenticatorPort_ = function(callback) { setTimeout(function() { callback(new u2f.WrappedAuthenticatorPort_()); }, 0); }; /** * Return a 'port' abstraction to the iOS client app. * @param {function(u2f.WrappedIosPort_)} callback * @private */ u2f.getIosPort_ = function(callback) { setTimeout(function() { callback(new u2f.WrappedIosPort_()); }, 0); }; /** * A wrapper for chrome.runtime.Port that is compatible with MessagePort. * @param {Port} port * @constructor * @private */ u2f.WrappedChromeRuntimePort_ = function(port) { this.port_ = port; }; /** * Format and return a sign request compliant with the JS API version supported by the extension. * @param {Array} signRequests * @param {number} timeoutSeconds * @param {number} reqId * @return {Object} */ u2f.formatSignRequest_ = function(appId, challenge, registeredKeys, timeoutSeconds, reqId) { if (js_api_version === undefined || js_api_version < 1.1) { // Adapt request to the 1.0 JS API var signRequests = []; for (var i = 0; i < registeredKeys.length; i++) { signRequests[i] = { version: registeredKeys[i].version, challenge: challenge, keyHandle: registeredKeys[i].keyHandle, appId: appId }; } return { type: u2f.MessageTypes.U2F_SIGN_REQUEST, signRequests: signRequests, timeoutSeconds: timeoutSeconds, requestId: reqId }; } // JS 1.1 API return { type: u2f.MessageTypes.U2F_SIGN_REQUEST, appId: appId, challenge: challenge, registeredKeys: registeredKeys, timeoutSeconds: timeoutSeconds, requestId: reqId }; }; /** * Format and return a register request compliant with the JS API version supported by the extension.. * @param {Array} signRequests * @param {Array} signRequests * @param {number} timeoutSeconds * @param {number} reqId * @return {Object} */ u2f.formatRegisterRequest_ = function(appId, registeredKeys, registerRequests, timeoutSeconds, reqId) { if (js_api_version === undefined || js_api_version < 1.1) { // Adapt request to the 1.0 JS API for (var i = 0; i < registerRequests.length; i++) { registerRequests[i].appId = appId; } var signRequests = []; for (var i = 0; i < registeredKeys.length; i++) { signRequests[i] = { version: registeredKeys[i].version, challenge: registerRequests[0], keyHandle: registeredKeys[i].keyHandle, appId: appId }; } return { type: u2f.MessageTypes.U2F_REGISTER_REQUEST, signRequests: signRequests, registerRequests: registerRequests, timeoutSeconds: timeoutSeconds, requestId: reqId }; } // JS 1.1 API return { type: u2f.MessageTypes.U2F_REGISTER_REQUEST, appId: appId, registerRequests: registerRequests, registeredKeys: registeredKeys, timeoutSeconds: timeoutSeconds, requestId: reqId }; }; /** * Posts a message on the underlying channel. * @param {Object} message */ u2f.WrappedChromeRuntimePort_.prototype.postMessage = function(message) { this.port_.postMessage(message); }; /** * Emulates the HTML 5 addEventListener interface. Works only for the * onmessage event, which is hooked up to the chrome.runtime.Port.onMessage. * @param {string} eventName * @param {function({data: Object})} handler */ u2f.WrappedChromeRuntimePort_.prototype.addEventListener = function(eventName, handler) { var name = eventName.toLowerCase(); if (name == 'message' || name == 'onmessage') { this.port_.onMessage.addListener(function(message) { // Emulate a minimal MessageEvent object handler({'data': message}); }); } else { console.error('WrappedChromeRuntimePort only supports onMessage'); } }; /** * Wrap the Authenticator app with a MessagePort interface. * @constructor * @private */ u2f.WrappedAuthenticatorPort_ = function() { this.requestId_ = -1; this.requestObject_ = null; } /** * Launch the Authenticator intent. * @param {Object} message */ u2f.WrappedAuthenticatorPort_.prototype.postMessage = function(message) { var intentUrl = u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ + ';S.request=' + encodeURIComponent(JSON.stringify(message)) + ';end'; document.location = intentUrl; }; /** * Tells what type of port this is. * @return {String} port type */ u2f.WrappedAuthenticatorPort_.prototype.getPortType = function() { return "WrappedAuthenticatorPort_"; }; /** * Emulates the HTML 5 addEventListener interface. * @param {string} eventName * @param {function({data: Object})} handler */ u2f.WrappedAuthenticatorPort_.prototype.addEventListener = function(eventName, handler) { var name = eventName.toLowerCase(); if (name == 'message') { var self = this; /* Register a callback to that executes when * chrome injects the response. */ window.addEventListener( 'message', self.onRequestUpdate_.bind(self, handler), false); } else { console.error('WrappedAuthenticatorPort only supports message'); } }; /** * Callback invoked when a response is received from the Authenticator. * @param function({data: Object}) callback * @param {Object} message message Object */ u2f.WrappedAuthenticatorPort_.prototype.onRequestUpdate_ = function(callback, message) { var messageObject = JSON.parse(message.data); var intentUrl = messageObject['intentURL']; var errorCode = messageObject['errorCode']; var responseObject = null; if (messageObject.hasOwnProperty('data')) { responseObject = /** @type {Object} */ ( JSON.parse(messageObject['data'])); } callback({'data': responseObject}); }; /** * Base URL for intents to Authenticator. * @const * @private */ u2f.WrappedAuthenticatorPort_.INTENT_URL_BASE_ = 'intent:#Intent;action=com.google.android.apps.authenticator.AUTHENTICATE'; /** * Wrap the iOS client app with a MessagePort interface. * @constructor * @private */ u2f.WrappedIosPort_ = function() {}; /** * Launch the iOS client app request * @param {Object} message */ u2f.WrappedIosPort_.prototype.postMessage = function(message) { var str = JSON.stringify(message); var url = "u2f://auth?" + encodeURI(str); location.replace(url); }; /** * Tells what type of port this is. * @return {String} port type */ u2f.WrappedIosPort_.prototype.getPortType = function() { return "WrappedIosPort_"; }; /** * Emulates the HTML 5 addEventListener interface. * @param {string} eventName * @param {function({data: Object})} handler */ u2f.WrappedIosPort_.prototype.addEventListener = function(eventName, handler) { var name = eventName.toLowerCase(); if (name !== 'message') { console.error('WrappedIosPort only supports message'); } }; /** * Sets up an embedded trampoline iframe, sourced from the extension. * @param {function(MessagePort)} callback * @private */ u2f.getIframePort_ = function(callback) { // Create the iframe var iframeOrigin = 'chrome-extension://' + u2f.EXTENSION_ID; var iframe = document.createElement('iframe'); iframe.src = iframeOrigin + '/u2f-comms.html'; iframe.setAttribute('style', 'display:none'); document.body.appendChild(iframe); var channel = new MessageChannel(); var ready = function(message) { if (message.data == 'ready') { channel.port1.removeEventListener('message', ready); callback(channel.port1); } else { console.error('First event on iframe port was not "ready"'); } }; channel.port1.addEventListener('message', ready); channel.port1.start(); iframe.addEventListener('load', function() { // Deliver the port to the iframe and initialize iframe.contentWindow.postMessage('init', iframeOrigin, [channel.port2]); }); }; //High-level JS API /** * Default extension response timeout in seconds. * @const */ u2f.EXTENSION_TIMEOUT_SEC = 30; /** * A singleton instance for a MessagePort to the extension. * @type {MessagePort|u2f.WrappedChromeRuntimePort_} * @private */ u2f.port_ = null; /** * Callbacks waiting for a port * @type {Array} * @private */ u2f.waitingForPort_ = []; /** * A counter for requestIds. * @type {number} * @private */ u2f.reqCounter_ = 0; /** * A map from requestIds to client callbacks * @type {Object.} * @private */ u2f.callbackMap_ = {}; /** * Creates or retrieves the MessagePort singleton to use. * @param {function((MessagePort|u2f.WrappedChromeRuntimePort_))} callback * @private */ u2f.getPortSingleton_ = function(callback) { if (u2f.port_) { callback(u2f.port_); } else { if (u2f.waitingForPort_.length == 0) { u2f.getMessagePort(function(port) { u2f.port_ = port; u2f.port_.addEventListener('message', /** @type {function(Event)} */ (u2f.responseHandler_)); // Careful, here be async callbacks. Maybe. while (u2f.waitingForPort_.length) u2f.waitingForPort_.shift()(u2f.port_); }); } u2f.waitingForPort_.push(callback); } }; /** * Handles response messages from the extension. * @param {MessageEvent.} message * @private */ u2f.responseHandler_ = function(message) { var response = message.data; var reqId = response['requestId']; if (!reqId || !u2f.callbackMap_[reqId]) { console.error('Unknown or missing requestId in response.'); return; } var cb = u2f.callbackMap_[reqId]; delete u2f.callbackMap_[reqId]; cb(response['responseData']); }; /** * Dispatches an array of sign requests to available U2F tokens. * If the JS API version supported by the extension is unknown, it first sends a * message to the extension to find out the supported API version and then it sends * the sign request. * @param {string=} appId * @param {string=} challenge * @param {Array} registeredKeys * @param {function((u2f.Error|u2f.SignResponse))} callback * @param {number=} opt_timeoutSeconds */ u2f.sign = function(appId, challenge, registeredKeys, callback, opt_timeoutSeconds) { if (js_api_version === undefined) { // Send a message to get the extension to JS API version, then send the actual sign request. u2f.getApiVersion( function (response) { js_api_version = response['js_api_version'] === undefined ? 0 : response['js_api_version']; console.log("Extension JS API Version: ", js_api_version); u2f.sendSignRequest(appId, challenge, registeredKeys, callback, opt_timeoutSeconds); }); } else { // We know the JS API version. Send the actual sign request in the supported API version. u2f.sendSignRequest(appId, challenge, registeredKeys, callback, opt_timeoutSeconds); } }; /** * Dispatches an array of sign requests to available U2F tokens. * @param {string=} appId * @param {string=} challenge * @param {Array} registeredKeys * @param {function((u2f.Error|u2f.SignResponse))} callback * @param {number=} opt_timeoutSeconds */ u2f.sendSignRequest = function(appId, challenge, registeredKeys, callback, opt_timeoutSeconds) { u2f.getPortSingleton_(function(port) { var reqId = ++u2f.reqCounter_; u2f.callbackMap_[reqId] = callback; var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ? opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC); var req = u2f.formatSignRequest_(appId, challenge, registeredKeys, timeoutSeconds, reqId); port.postMessage(req); }); }; /** * Dispatches register requests to available U2F tokens. An array of sign * requests identifies already registered tokens. * If the JS API version supported by the extension is unknown, it first sends a * message to the extension to find out the supported API version and then it sends * the register request. * @param {string=} appId * @param {Array} registerRequests * @param {Array} registeredKeys * @param {function((u2f.Error|u2f.RegisterResponse))} callback * @param {number=} opt_timeoutSeconds */ u2f.register = function(appId, registerRequests, registeredKeys, callback, opt_timeoutSeconds) { if (js_api_version === undefined) { // Send a message to get the extension to JS API version, then send the actual register request. u2f.getApiVersion( function (response) { js_api_version = response['js_api_version'] === undefined ? 0: response['js_api_version']; console.log("Extension JS API Version: ", js_api_version); u2f.sendRegisterRequest(appId, registerRequests, registeredKeys, callback, opt_timeoutSeconds); }); } else { // We know the JS API version. Send the actual register request in the supported API version. u2f.sendRegisterRequest(appId, registerRequests, registeredKeys, callback, opt_timeoutSeconds); } }; /** * Dispatches register requests to available U2F tokens. An array of sign * requests identifies already registered tokens. * @param {string=} appId * @param {Array} registerRequests * @param {Array} registeredKeys * @param {function((u2f.Error|u2f.RegisterResponse))} callback * @param {number=} opt_timeoutSeconds */ u2f.sendRegisterRequest = function(appId, registerRequests, registeredKeys, callback, opt_timeoutSeconds) { u2f.getPortSingleton_(function(port) { var reqId = ++u2f.reqCounter_; u2f.callbackMap_[reqId] = callback; var timeoutSeconds = (typeof opt_timeoutSeconds !== 'undefined' ? opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC); var req = u2f.formatRegisterRequest_( appId, registeredKeys, registerRequests, timeoutSeconds, reqId); port.postMessage(req); }); }; /** * Dispatches a message to the extension to find out the supported * JS API version. * If the user is on a mobile phone and is thus using Google Authenticator instead * of the Chrome extension, don't send the request and simply return 0. * @param {function((u2f.Error|u2f.GetJsApiVersionResponse))} callback * @param {number=} opt_timeoutSeconds */ u2f.getApiVersion = function(callback, opt_timeoutSeconds) { u2f.getPortSingleton_(function(port) { // If we are using Android Google Authenticator or iOS client app, // do not fire an intent to ask which JS API version to use. if (port.getPortType) { var apiVersion; switch (port.getPortType()) { case 'WrappedIosPort_': case 'WrappedAuthenticatorPort_': apiVersion = 1.1; break; default: apiVersion = 0; break; } callback({ 'js_api_version': apiVersion }); return; } var reqId = ++u2f.reqCounter_; u2f.callbackMap_[reqId] = callback; var req = { type: u2f.MessageTypes.U2F_GET_API_VERSION_REQUEST, timeoutSeconds: (typeof opt_timeoutSeconds !== 'undefined' ? opt_timeoutSeconds : u2f.EXTENSION_TIMEOUT_SEC), requestId: reqId }; port.postMessage(req); }); }; Authen-U2F-0.003/examples/demoserver/index.html.tt2000644 000765 000024 00000000727 13165014711 022140 0ustar00robnstaff000000 000000 U2F Demo [% IF username %]

G'day [% username %]

[% IF registered_keys.keys %]

registered key handles:

    [% FOR handle IN registered_keys.keys %]
  • [% handle %]
    • [% END %]
[% END %] Register U2F device Logout [% ELSE %] Signup Login [% END %] Authen-U2F-0.003/t/01-dumb.t000644 000765 000024 00000000217 13165014711 015231 0ustar00robnstaff000000 000000 #!perl use Test::More; use Authen::U2F u2f_challenge; my $challenge = u2f_challenge; ok $challenge, "generated a challenge"; done_testing; Authen-U2F-0.003/t/00-load.t000644 000765 000024 00000000330 13165014711 015214 0ustar00robnstaff000000 000000 #!perl use strict; use warnings; use Test::More tests => 1; require_ok('Authen::U2F'); local $Authen::U2F::VERSION = $Authen::U2F::VERSION || 'from repo'; note("Authen::U2F $Authen::U2F::VERSION, Perl $], $^X");